BASED ON NATIONAL BEST PRACTICES, THIS MODEL ACCEPTABLE USE POLICY IS INTENDED FOR USE AS A TEMPLATE FOR PARISHES AND SCHOOLS TO DEVELOP THEIR OWN POLICIES. PLEASE EXERCISE RESTRAINT IN MODIFICATIONS. ADOPTION OF A COMPARABLE POLICY TO THIS MODEL IS RECOMMENDED BY THE ARCHDIOCESE OF SAINT PAUL AND MINNEAPOLIS AND CATHOLIC MUTUAL. Acceptable Use and Responsibility Policy for Electronic Communications [“(insert name of parish/school) AUP”] All information used in the course and scope of activities for or on behalf of (insert name of parish/school) is an asset of (insert name of parish/school). Electronic information and communications require particular safeguards and impose unique responsibilities on all Users. (insert name of parish/school) maintains a system of information security to protect our proprietary data. Integral parts of this system are the policies, standards and procedures designed for Users. All Users must adhere to these policies, standards and procedures for the complete system to remain viable. These policies, standards and procedures apply to all (insert name of parish/school)employees and clergy working directly for (insert name of parish/school) who are users of technology (“Users”) for or on behalf of the (insert name of parish/school) These policies, standards and procedures include, but are not limited to, maintaining data confidentiality, maintaining the confidentiality of data security controls and passwords, and immediately reporting any suspected or actual security violations. (insert name of parish/school)prohibits the use or alteration of (insert name of parish/school) data and/or information technology without proper authorization. All Users have an obligation to protect the confidentiality and nondisclosure of proprietary, confidential and privileged data, as well as personally identifiable information. 1. Definitions a. Electronic communications systems include, but are not limited to, electronic mail, telecommunications systems including telephone, voice mail, and video, facsimile transmissions, stand-alone or networked computers, intranet(s), extranet(s), the Internet and any other communications systems that may be created in the future. b. Electronic communications devices include, but are not limited to, regular and mobile telephones (cell phones, smart phones, walkie-talkies), facsimile machines, computers, laptops, electronic notebooks, audio and video equipment, flash drives, memory sticks, media players, and any other communications devices that may be created in the future. 1 AUP model template 4-18-12 c. Electronic communications materials include, but are not limited to, DVDs, CDs, laser discs, audio and video-tape, audio and visual recordings, films, microfiche, audio and visual broadcasts, computer operating systems, software programs, electronically stored data and text files, computer applications, emails, text messages, instant messages, and all other downloaded, uploaded, retrieved, opened, saved, forwarded or otherwise accessed or stored content. 2. Electronic Communications Systems, Devices and Materials and Users Covered a. All electronic communications systems, devices and materials located on (insert name of parish/school) property (the Premises) or belonging to (insert name of parish/school). b. All electronic communications devices and materials taken from the Premises for use at home or elsewhere. c. All personal devices and materials brought from home and used on the Premises during regular business hours d. All personal devices and materials, regardless of where they are situated, that are used in such a manner that (insert name of parish/school)may be implicated in their use e. All Users of electronic communications systems, devices and materials. 3. Ownership and Control of Communications a. All systems, devices and materials located on the Premises, and all work performed on them, are property of (insert name of parish/school). These systems, devices, and materials are to be used primarily to conduct official (insert name of parish/school) business, not personal business. b. The (insert name of parish/school) reserves the right to monitor, access, retrieve, read and disclose all content created, sent, received, or stored on (insert name of parish/school) systems, devices, and materials (including connections made and sites visited) to law enforcement officials or others, without prior notice. 4. Guidelines for Electronic Communications a. All Users of (insert name of parish/school) communications systems and devices should use care in creating email, text, video, still images, instant, or voice mail messages or in any postings on any social networking site. (See separate document “(insert name of parish/school) Social Media Policy and Protocol”.) Even when a message has been 2 AUP model template 4-18-12 deleted, it may still exist on a backup system, be restored, downloaded, recorded, printed out, or may have been forwarded to someone else without its creator’s knowledge. The contents of email and text messages are the same as other written documentation and cannot be considered private or confidential. b. Email and other electronic communications are not necessarily secure, and therefore should be treated accordingly. c. As with paper records, proper care should be taken in creating and retaining electronic records for future use, reference, and disclosure, in accord with (insert name of parish/school) policy. d. Mass emails or intranet/extranet/Internet postings to "All Employees," “All Parents” and the like must be approved by the appropriate department director or (insert position title) before they are sent/posted. e. Use of personal electronic communications devices and materials during regular business hours should be kept to a minimum and limited mainly to emergencies. f. (insert name of parish/school) systems, devices, and materials are not private and security cannot be guaranteed. Passwords and user IDs are intended to enhance system security; not to provide Users with personal privacy. In addition, all Users do not have an expectation of privacy. g. User IDs and passwords should not be disclosed to unauthorized parties. User accounts are intended to be used only by the assigned party. h. All information systems that create, store, transmit or otherwise publish data or information must have authentication and authorization systems, as approved or provided by (insert name of parish/school), in place to prevent unauthorized use, access, and modification of data and applications. Systems that transmit or publish approved information that is intended for the general public may allow unauthenticated (anonymous) access as long as such systems do not allow unauthorized posting and modification of the published information. i. Computer networks must be protected from unauthorized use. Both local physical access and remote access must be controlled. j. Information systems hardware should be secured against unauthorized physical access. k. Minors are prohibited from using (insert name of parish/school) systems, devices, or materials unless appropriate permission is given. 3 AUP model template 4-18-12 l. If any User knowingly communicates privately with a minor as a part of his or her duties for or on behalf of (insert name of parish/school), reasonable steps must be taken to send the minor’s parent/guardian the same communication content, not necessarily via the same technology. m. All files downloaded from the Internet, all data received from outside sources, and all content downloaded from portable memory devices must be scanned with updated or current virus detection software. Immediately report any viruses, tampering, or other system breaches to (insert position/title). n. It is the responsibility of Users to ensure that they save important content to an (insert name of parish/school) approved location in accord with (insert name of parish/school) policy. o. Only certain individuals, identified per (insert name of parish/school) Social Media Policy and Protocol, may post information to social media sites or (insert name of parish/school)’s website(s) as an official representative of the (insert name of parish/school) . (See separate document “(insert name of parish/school)Social Media Policy and Protocol”) p. If a User identifies himself or herself or has reason to be identified as a (insert name of parish/school) employee or clergy working directly for the (insert name of parish/school) in any personal posting or distribution of communication, that User must post the following disclaimer: “The views expressed on this site are mine alone and do not necessarily reflect the views of (insert name of parish/school) or the Archdiocese of Saint Paul and Minneapolis.” 5. Prohibited Practices Users of (insert name of parish/school) electronic communication systems, devices, or materials and Users of personal devices and materials on the Premises under circumstances when the (insert name of parish/school) may become implicated in the use may not: a. Violate any federal, state or local laws or regulations. b. Violate any archdiocesan codes of conduct, archdiocesan codes of ethics, archdiocesan safe environment or other archdiocesan policies, or policies of (insert name of parish/school), including but not limited to those that apply to communications or the use of information. c. Post or cause to be distributed any personally identifying information about a person without permission or review by the person or the person’s parent or guardian, if the person is under 18, unless required by the User’s job duties or assigned responsibilities. Personal identifying information includes, but is not limited to, images, names or screen 4 AUP model template 4-18-12 names; telephone numbers; home or workplace addresses; email addresses, and web addresses (URLs) of social networking sites or blogs. d. Post or distribute any communications, video, music, or pictures which a reasonable person may consider to be defamatory, discriminatory, offensive, harassing, disruptive, derogatory, or bullying. e. Post or distribute any communications, video, music, or pictures which are inconsistent with the faith or moral teachings of the Catholic Church. f. Engage in improper fraternizing or socializing. g. Engage in pirating or unauthorized copying, acquisition, or distribution of copyrighted, trademarked, patented materials, music, video, or film or upload, download, view, or otherwise receive or transmit trade secrets, or other confidential, private, or proprietary information or other materials to which the User does not have access rights. Regarding copyrighted materials, certain exceptions are given for educational and liturgical purposes. It is the responsibility of the User to determine copyright status h. Use electronic communications devices for designing, developing, distributing, or storing any works of programming or software unless required by the duties of the job or assignment. i. Post or send chain letters or engage in "spamming" (sending annoying, unnecessary, or unsolicited commercial messages). j. Record any telephone, video, or other conversation or communication without the express permission of the other participants to the conversation or communication, except where allowed by law. k. Arrange for the purchase or sale of any drugs, alcohol, or regulated substances and goods, or participate in Internet gambling. l. Upload, download, view, or otherwise receive or transmit indecent, sexually explicit, or pornographic material. m. Make fraudulent offers of products, items, or services originating from any (insert name of parish/school) account. n. Damage, alter, disrupt, or gain unauthorized access to computers or others’ systems; e.g. use others’ passwords, trespass on others’ folders, work, or files or alter or forward email messages in a manner that misrepresents the original message or a message chain. 5 AUP model template 4-18-12 o. Give unauthorized persons access to (insert name of parish/school) systems, provide access to confidential information, or otherwise jeopardize the security of the electronic communications systems (e.g. by unauthorized use or disclosure of passwords). p. Transmit confidential, proprietary, or sensitive information unless the transmission falls within the scope of the User’s job duties or assigned responsibilities. q. Introduce or install any unauthorized software, virus, malware, tracking devices or recording devices onto any system. r. Bypass (via proxy servers or other means), defeat or otherwise render inoperative any network security systems, firewalls or content filters. s. Allow any minor to use the (insert name of parish/school) systems, devices, or materials without appropriate permission. t. Use electronic communications devices or systems to transmit any radio frequency signal that is not permitted and/or licensed by the Federal Communication Commission ("FCC") or that would violate FCC rules or policies. u. Access or manipulate services, networks, or hardware without express authority. v. Provide information about, or lists of, (insert name of parish/school) employees, clergy or other propriety information from the (insert name of parish/school) database(s) to outside parties. Certain exceptions to this prohibition may be made with written approval from (insert position title). Mailing addresses should only be provided in hardcopy (in label or other format as appropriate). 6. Consequences of Violations of Electronic Communications Policy a. Violations of this policy, including breaches of confidentiality or security, may result in suspension of electronic communication privileges, confiscation of any electronic communication device or materials, and disciplinary action, pursuant to Justice in Employment, up to and including termination of employment, canonical review, referral to law enforcement, and other appropriate disciplinary action. The Archdiocese of Saint Paul and Minneapolis and (insert name of parish/school) gratefully acknowledges the Archdiocese of Los Angeles, which has made its Acceptable Use and Responsibility Policy (“Archdiocesan AUP”) available for reference, guidance and copying. 6 AUP model template 4-18-12